Methods

Phishing Emails

Western University
Dear Western University Canada Account Owner,
This message is from Western University Canada Mailbox Administrator Messaging
Center to all email account owners. We are currently carrying out scheduled
maintenance, upgrade of our web mail service and we are changing our mail host
server, as a result your original password will be reset. We are sorry for any
inconvenience caused.
To complete your Account- Western University Canada webmail email account
settings, you must fill our verification form immediately and provide the
information requested. To SAVE your contacts and documents in your Mailbox,
you are requested to click and fill in the verification accurately.
*****************************************************************************
To Upgrade your Western University Canada Mailbox settings CLICK HERE!
Failure to do this will immediately render your email address deactivated from
the Database- Webmail Western University Canada

Multi-factor authentication: Here we’re talking about multiple factors a site can use to authenticate to you (as opposed to you authenticating to them). Many banks for example ask you to select a personal image that is shown on login, acting as an “identity cue.”

Passwords

Password Hashing

See the following lecture notes on secure password generation and storage.

Shadow file

In Linux, user passwords are stored in the /etc/shadow file. The relevant fields are:

<username>:$<algorithm>$<salt>$<hash>:...<other stuff>...

Algorithm:

Salt: A random salt value

Hash: The hashed (or encrypted) password.

Other stuff: Number of days since password was changed, days until it may be changed, days until it must be changed, etc.
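
Added example (not part of the original notes): a Python parser for the password field described above, which flags entries with an empty password or a weak hash algorithm. It goes beyond the simplified $<algorithm>$<salt>$<hash> layout by also handling locked accounts, an optional parameter field such as rounds=N, bcrypt's joined salt and hash, and traditional DES entries. Assumptions: the algorithm ids are taken from crypt(5) rather than from these notes, the names parse_shadow_line and audit are hypothetical, and the sample entries are constructed placeholders.

```python
# Prefix ids as documented in crypt(5); this table is an addition, not from the notes.
ALGORITHMS = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
              "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}
WEAK = {"md5crypt", "descrypt"}  # too fast to resist offline guessing

def parse_shadow_line(line):
    """Parse one shadow entry into user, algorithm, params, salt, hash, status."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated fields, got %d" % len(fields))
    user, pw = fields[:2]
    e = {"user": user, "algorithm": None, "params": None,
         "salt": None, "hash": None, "status": "ok"}
    if pw == "":
        e["status"] = "empty-password"  # account accepts a login with no password
        return e
    if pw[0] in "!*":
        e["status"] = "locked"
        pw = pw.lstrip("!")  # "!<hash>" is a locked account that keeps its hash
    if pw.startswith("$"):
        ident, *rest = pw.split("$")[1:]
        e["algorithm"] = ALGORITHMS.get(ident, "unknown:" + ident)
        if e["algorithm"] == "bcrypt" and len(rest) == 2:
            # bcrypt: $2b$<cost>$<22-char salt><31-char hash>, no "$" between them
            e["params"], e["salt"], e["hash"] = rest[0], rest[1][:22], rest[1][22:]
        elif len(rest) >= 2:
            # an optional parameter field (e.g. rounds=N) precedes salt and hash
            e["params"] = "$".join(rest[:-2]) or None
            e["salt"], e["hash"] = rest[-2], rest[-1]
    elif len(pw) == 13:
        # traditional DES crypt: 2-char salt followed by an 11-char hash
        e["algorithm"], e["salt"], e["hash"] = "descrypt", pw[:2], pw[2:]
    if e["status"] == "ok" and e["algorithm"] in WEAK:
        e["status"] = "weak-hash"
    return e

def audit(lines):
    """Return (user, status) for entries with an empty password or a weak hash."""
    entries = map(parse_shadow_line, lines)
    return [(e["user"], e["status"]) for e in entries if e["status"] not in ("ok", "locked")]

# Constructed sample entries; salts and hashes are placeholders, not real digests.
SAMPLE = [
    "alice:$6$rounds=10000$SALTSALTSALTSALT$HASHPLACEHOLDER:19000:0:99999:7:::",
    "bob:$1$SALTSALT$HASHPLACEHOLDER:19000:0:99999:7:::",
    "carol:!$6$SALTSALTSALTSALT$HASHPLACEHOLDER:19000:0:99999:7:::",
    "svc:*:19000:0:99999:7:::",
    "guest::19000:0:99999:7:::",
]
```

Running audit(SAMPLE) reports bob (weak-hash) and guest (empty-password); locked accounts are parsed but not flagged.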